update readme, add openapi spec again

Signed-off-by: Nicklas Körtge <[email protected]>
IBM · Nov 20, 2024 · 0feb171 · 0feb171
1 parent d4ab405
commit 0feb171
Show file tree

Hide file tree

Showing 2 changed files with 99 additions and 5 deletions.
diff --git a/README.md b/README.md
@@ -4,7 +4,7 @@
 [![Current Release](https://img.shields.io/github/release/IBM/cbomkit.svg?logo=IBM)](https://github.com/IBM/cbomkit/releases)
 
 CBOMkit is a toolset for dealing with Cryptography Bill of Materials (CBOM). CBOMkit includes a
-- **CBOM Generation** ([CBOMkit-hyperion](https://github.com/IBM/sonar-cryptography), [CBOMkit-theia](https://github.com/IBM/cbomkit-theia)): Generate CBOMs from source code by scanning git repositories to find the used cryptography.
+- **CBOM Generation** ([CBOMkit-hyperion](https://github.com/IBM/sonar-cryptography), [CBOMkit-theia](https://github.com/IBM/cbomkit-theia)): Generate CBOMs from source code by scanning private and public git repositories to find the used cryptography.
 - **CBOM Viewer ([CBOMkit-coeus](https://github.com/IBM/cbomkit?tab=readme-ov-file#cbomkit-coeus))**: Visualize a generated or uploaded CBOM and access comprehensive statistics.
 - **CBOM Compliance Check**: Evaluate CBOMs created or uploaded against specified compliance policies and receive detailed compliance status reports.
 - **CBOM Database**: Collect and store CBOMs into the database and expose this data through a RESTful API.
@@ -80,15 +80,14 @@ The API server functions as the central component of the CBOMkit, offering a com
 
 #### Features
 - Retrieve the most recent generated CBOMs
-- Access stored CBOMs from the database using Package URLs (PURL)
-- Execute targeted searches for scanned Git repositories utilizing specific algorithms (by name and Oid)
+- Access stored CBOMs from the database
 - Perform compliance checks for user-provided CBOMs against specified policies 
 - Conduct compliance assessments for stored or generated CBOMs against defined policies
 
-*Sample Query to Retrieve CBOM by Package URL*
+*Sample Query to Retrieve CBOM project identifier*
 ```shell
 curl --request GET \
-  --url 'http://localhost:8081/api/v1/cbom?purls=pkg:github/OddSource/java-license-manager'
+  --url 'http://localhost:8081/api/v1/cbom/github.com%2Fkeycloak%2Fkeycloak'
 ```
 
 In addition to the RESTful API, the server incorporates WebSocket integration, enabling:

diff --git a/openapi.yaml b/openapi.yaml
@@ -0,0 +1,95 @@
+---
+openapi: 3.0.3
+info:
+  title: CBOMkit API
+  description: Service for generating and retrieving CBOMs
+  version: 1.2.0
+paths:
+  /api:
+    get:
+      tags:
+      - Status
+      summary: Health test
+      description: Health test endpoint
+      responses:
+        "200":
+          description: OK
+          content:
+            application/json:
+              schema:
+                example:
+                  status: ok
+  /api/v1/cbom/last/{limit}:
+    get:
+      tags:
+      - CBOM Resource
+      summary: Return recently generated CBOMs from the repository
+      description: Returns a list of the most recently generated CBOMs. The length
+        of the list can by specified via the optional 'limit' parameter.
+      parameters:
+      - name: limit
+        in: path
+        required: true
+        schema:
+          format: int32
+          type: integer
+      responses:
+        "200":
+          description: OK
+  /api/v1/cbom/{projectIdentifier}:
+    get:
+      tags:
+      - CBOM Resource
+      description: Get CBOM
+      parameters:
+      - name: projectIdentifier
+        in: path
+        required: true
+        schema:
+          type: string
+      responses:
+        "200":
+          description: OK
+  /api/v1/compliance/check:
+    get:
+      tags:
+      - Compliance Resource
+      summary: Verify the compliance of a stored CBOM identified by it's PURL against
+        a policy
+      description: "Returns the JSON sent by the Regulator API, containing various\
+        \ information about the compliance of the CBOM for a set policy."
+      parameters:
+      - name: commit
+        in: query
+        schema:
+          type: string
+      - name: gitUrl
+        in: query
+        schema:
+          type: string
+      - name: policyIdentifier
+        in: query
+        schema:
+          type: string
+      responses:
+        "200":
+          description: OK
+    post:
+      tags:
+      - Compliance Resource
+      summary: Verify the compliance of a provided CBOM against a policy
+      description: "Returns the JSON sent by the Regulator API, containing various\
+        \ information about the compliance of the CBOM for a set policy."
+      parameters:
+      - name: policyIdentifier
+        in: query
+        schema:
+          type: string
+      requestBody:
+        content:
+          application/json:
+            schema:
+              type: string
+      responses:
+        "200":
+          description: OK